Tech Overview | Product
Code42 Defines its
Critical Capabilities Methodology
A technical analysis of top enterprise requirements
from the leader in enterprise endpoint backup
“In my years using
Code42, it has
proven itself to be
an industry leader
in reliability and
ease of use.”
Engineer at a Global 500
Pharmaceuticals Company
—TechValidate
No enterprise technology purchase is made without scrutiny. Like all technology,
endpoint backup evaluation should be judged against a comprehensive list of critical
capabilities. Analysts influence technology decisions and provide valuable guidance
based on their own list of criteria, but an enterprise buying team must ultimately set
and prioritize the product capabilities that are most significant to its business.
More than 39,000 organizations have evaluated Code42 and chosen it as the best endpoint
backup solution to protect employee data and reduce risk across the organization.
Here are five reasons why.
1. Performance
Why it matters
Performance tops the requirement list.
Performance is a technical evaluation that
assesses the reliability of a product in the
real world. Beyond promised features,
the product must perform reliably and
dependably in actual use to meet business
demands and deliver the most value.
Evaluation criteria and Code42
Endpoint backup is typically measured
through backup efficacy and the ability
to restore files, deduplication methodology
to manage storage size, and network,
disk I/O and CPU throttling to manage the
effects of backup on worker productivity.
Backup methodology: Code42 analyzes
end-user files and segments them into
variable-size blocks, removing any
duplicates so that only incremental,
subsequent file changes are sent to
the backup destination. Client-side
deduplication, rather than global, reduces
both storage requirements at the server
level as well as network consumption
between the client and server, and
eliminates the need for expensive servers
in the data center.
Restore: When requested, blocks are
sent from the server to the client over
an encrypted channel. They are then
decrypted, assembled, and restored to
TECH OVERVIEW: PRODUCT
a location on the device. Client-side
deduplication speeds the process of
locating all data blocks since there is no
need to aggregate data from multiple
repositories to restore files. The end result
is a faster, more reliable restore.
Network throttling: Code42 offers a
number of options to accelerate backup
while minimizing impact on network
resources. These include configurable
bandwidth for LAN and WAN backup
destinations, specified bandwidth limits for
backing up while using a VPN connection,
time-based bandwidth management to
control bandwidth usage during peak and
off-peak hours, and TCP packet quality-
2
of-service (QoS) tagging which allows for
advanced network tuning at the network
router and switch layer.
Disk I/O: Backups run continuously in the
background, as often as every minute.
Client-side deduplication and compression
enables Code42 to work efficiently by
capturing incremental, block-level changes
in real-time—thus reducing disk activity.
CPU throttling: Code42 is designed to
remain invisible to end users so backups
never interfere with productivity. CPU
utilization can be customized to when a user
is present or away, allowing CPU to scale
back when a user is at work on the device.
2. Scalability
Why it matters
Scalability is vital to the success of a
solution at the enterprise level—and a
proven strength of Code42. Buying teams
cannot afford the lost time and money of
evaluating, purchasing, and deploying a
solution only to have it fail in real-world
application. Enterprises need assurance
that a solution can scale to support its
business—and has already done so for
other large customers.
Evaluation criteria and Code42
Scalability is best evaluated by examining
real-world examples of similar customer
deployments and the product features and
techniques that support scalability—such
architectural design, unified administrative
capabilities, directory services integration
and supported file sizes.
Current customer deployments:
Code42 has the privilege of protecting
critical end-user data for Global 2000
companies, with many instances of 50,000,
75,000 and 100,000+ user deployments.
Code42 operates a large-scale cloud that
supports more than 1 million devices across
seven global data centers.
Infrastructure: A single Code42 server
can support authentication of up to 75,000
devices to the Code42 cloud. Client-side
deduplication and compression enables
the Code42 platform to scale from hundreds
to hundreds of thousands of users with
minimal overhead to enterprise IT.
Ease of administration: Global
deployments are achieved through a single
administrative console that consolidates
and monitors all devices and aggregates
statistics from all storage nodes worldwide.
TECH OVERVIEW: PRODUCT
Directory services integration: Integration
with enterprise directory services such as
Activity Directory and LDAP supports user
authentication, authorization, role and
destination assignment, as well as policy
membership. Code42 LDAP authorization
services include the ability to automatically
provision users, deactivate users, assign
roles and permissions, and apply device
settings by group. Code42 customers use
this feature to automate the assignment of
legal hold status, backup destinations, and
3
immediate quarantine of terminated
employee data with no required
administrative intervention.
Supported file sizes: Code42 places no
limit on the file sizes during backup, but
does allow administrators to exclude
certain file types. When backing up large
files, Code42 has the ability to break the
backup into small blocks, and process
smaller blocks individually. If the backup
process is interrupted, it automatically
resumes with the last block rather than
restarting the capture of the full file—
enabling backups to complete faster.
3. Backup frequency
Why it matters
Backup frequency is one of the primary
failures of legacy endpoint backup
solutions. Enterprise buyers deploy
automatic backup to ensure recovery point
objectives and recovery time objectives
are met. The value of endpoint backup
immediately deteriorates if backups do
not complete frequently and reliably, and
therefore fail to circumvent breaks in
business continuity.
Evaluation criteria and Code42
Backup frequency determines the recovery
point objective (RPO), i.e., the interval
of completed backups and duration of
time and service level to which data
must be restored following an incident.
It is measured by a product’s default and
customizable backup intervals.
Continuous protection: Code42
continuously monitors the device for file
changes, and performs a backup of deltas
every fifteen minutes by default. Backup
frequency can be adjusted to occur as
often as every minute. Backup settings
can be set from the unified administration
console and locked to prevent end users
from tampering with defined policies.
Non-disruptive backups: Frequent,
block-level backups and low CPU
utilization mean Code42 runs in the
background, without slowing the machine.
The result: Code42 customers have fully
completed backups to support reliable
file recovery—something rarely seen with
legacy backup solutions.
Granular settings: Settings and policy
changes can be made for a single device,
group of devices or for all devices.
Enterprises that leverage Code42 to
assist with legal hold and e-discovery
processes often apply unique backup
settings in order to perform more frequent
backups or adjust retention settings.
TECH OVERVIEW: PRODUCT
4
4. Client diversity
Why it matters
Enterprise Mac usage is rapidly growing,
with 92 percent of businesses supporting
Macs today.1 The enterprise ecosystem
is rapidly moving from homogeneous to
diversified, forcing IT to seek solutions
that back up data regardless of operating
system in order to reduce administration
burden. Legacy endpoint backup solutions
were developed primarily for Windows
machines and have offered poor support
for Mac and Linux endpoints—making
client diversity a key capability of a
modern replacement.
to manage and protect all end-user
devices via a single solution. A consistent
user interface across platforms simplifies
both administration and end-user training.
Heterogeneous restores: Data can be
seamlessly migrated from the cloud
to a new device, even when switching
platforms (such as moving from a Windows
device to a Mac). This greatly simplifies
tech refresh projects and provides more
flexibility for end users to choose their
preferred operating systems.
Evaluation criteria and Code42
Client diversity is measured by a
product’s ability to support distinct
operating system platforms and perform
file restores across platforms.
Cross-platform backup: Code42 works
seamlessly across Mac, Windows, and
Linux, enabling enterprise IT admin­istrators
1
JAMF 2015 Survey:
Managing Apple Devices
in the Enterprise
5. Security-first product development
Why it matters
Code42 acknowledges that data is the
most important asset in the enterprise.
Customers entrust their data to Code42 as
a result of our promise to create product
features that prioritize data security and
the reliability of our core offering.
Evaluation criteria and Code42
Product design at Code42 adheres to
the ranked principles of security, reliability,
usability, and performance. Code42
develops features only when they meet
our core tenet of security.
Code42 develops its products in a way
that prioritizes data security and respects
the best interests of its customers. These
guiding principles drive innovation and
give Code42 customers confidence in
their investment.
TECH OVERVIEW: PRODUCT
PRINCIPLES
OF PRODUCT
D E V E LO P M E N T
Code42 product
development is guided
by four principles in
which no attribute
compromises the
principle preceding it.
These guiding principles
are known at Code42
as “SRUP.”
S
R
U
P
Code42
products must
be secure.
Code42
products must
be reliable.
Code42
products must
be user-friendly.
Code42
products must be
high-performing
(flexible, scalable
and fast).
As an example, Code42 has strategically
chosen client-side over global deduplication
because global deduplication violates our
core development principles.
Global deduplication compromises
security: It is a process in which all enduser data is sent to the data store server
to be deduplicated against the server
index. All but one identical block of data
is removed from the data store, and
duplicate data is replaced with a redirect
to the unique data file. Global dedupe
compromises security as a result of how
encryption keys are handled at the data
store. Unlike client-side deduplication
which allows each user archive to have its
own encryption key, global deduplication
requires a common encryption key across
all data sets so that multiple users are
able to access and restore a common
data block. To make matters worse,
global deduplication is protected by an
administrator password layered over a
regular encryption key. The vulnerability
of this approach is clear: if an individual
with the encryption key compromises the
administrator password, he or she will have
immediate access to the entire data store.
Global deduplication compromises
reliability: Because files and data blocks
are reduced to a single instance that
can be accessed by many users, global
deduplication increases the risk of data
5
loss. If a file or data block is corrupted
in the single instance, all users will
experience the same file loss or corruption.
Global deduplication compromises
usability: It makes it harder for the
enterprise to choose an on-premises
storage destination for its sensitive data.
While it’s true global deduplication will
reduce the number of files in the data
store, it also requires enterprises to
purchase considerably more expensive
hardware and additional memory in order
to meet the demands of deduplication
on the server.
Global deduplication compromises
performance: It slows restore speeds—
especially at scale in a large enterprise.
Because unique files or data blocks are
not grouped by user as they come into
the data store, the system must search the
entire data store (rather than a user-aligned
archive) to locate requested data. When
the data store is small, it may be easy for
the system to locate all the data blocks
mapped to one user, but as the data store
grows in size, the time required to locate
data blocks extends. This slows the file
restore process and forces the end user to
wait at the most critical time—when a file is
needed to continue working.
TECH OVERVIEW: PRODUCT
6
Looking ahead: Code42’s investments for the enterprise
39K+
Businesses
worldwide trust their
end-user data to
Code42, including:
7/10
Largest technology
companies
10/20
Of the most
valuable brands
7/8
Ivy League
colleges
Code42 has the privilege of protecting
end-user data for many of the most
recognized brands in business and
education. Our incumbency is evidence
of Code42’s enterprise performance,
reliability and scale. In addition, our
relationships with leading organizations
enables a feedback loop that cont­
inuously informs product requirements and
roadmap. We are building upon real-time
backup capabilities to solve existing and
future enterprise problems.
We are dedicated to:
• Strengthening our core backup
performance through consistent releases
that enhance enterprise endpoint
backup and restore functionality.
• Continuing to unlock the value of
enterprise data by investing in data
governance, visibility, legal hold,
data migration and other valuable
advancements.
Conclusion
Endpoint data protection is an essential
and fundamental security investment in
an era of inevitable data breach. For this
reason, enterprises are re-evaluating their
endpoint security strategies and deploying
endpoint backup as a means to mitigate
risk and respond to data loss
Code42 delivers what the enterprise needs
most—a high-performing, scal­able solution
to securely and continuously protect enduser data across all devices. That’s why
we’re the chosen partner for more than
39,000 businesses worldwide.
FOR MORE INFORMATION: CODE42.COM/CONTACT
CORPORATE HEADQUARTERS | 100 WASHINGTON AVENUE SOUTH | MINNEAPOLIS, MN 55401 | 612.333.4242 | CODE42.COM
Code42, the leader in cloud-based endpoint data security and recovery, protects more than 47,000 organizations worldwide. Code42 enables IT and security teams to centrally manage and protect critical data
for some of the most recognized brands in business and education. From monitoring endpoint data movement and use, to meeting data privacy regulations, to simply and rapidly recovering from data incidents no
matter the cause, Code42 is central to any organization’s data security strategy. Code42 is headquartered in Minneapolis, MN and backed by Accel Partners, JMI Equity, NEA and Split Rock Partners.
For more information, visit code42.com. © 2017
Product | OV061773